> >> >> - Unfortunately the driver in its current version can't be used with >> IPsec and with GELI where authentication is enabled. This is because >> the driver doesn't support sessions where both encryption and >> authentication is defined. Do you have plans to change it? >> I saw that you based crypto(9) bits on padlock, which does support >> sessions with authentication by calculating hashes in software. > My goal was to develop fpu_kern_enter() KPI. I used the AESNI as an > opportunity to test the KPI in real application. I may consider adding > software-implemented authentification sometime later. I would not object > if anybody do this instead of me.
Today I've tested the patch with the same "issue" with IPsec, i've quickly re-included the same keyed hash function than padlock to test, tomorrow I will test again and I will post a patch if it works well. A minor things: aesni only compile as a module. Another idea for Sha1 would be to integrate the new version from intel http://software.intel.com/en-us/articles/improving-the-performance-of-the-secure-hash-algorithm-1/ but it seems the 32bits version is not available at this time (and same licencing issue). Regards, Fabien _______________________________________________ freebsd-current@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
